Lost Trunk
Talk about sensing condescension... anyway, our big point of disagreement here is over whether Travlin' Man is an "unobtrusive" solution, and that, I would say, is in the eye of the beholder. Some may not think it's a PITA to fire up a computer and browser before you can use your hardware VoIP adapter. Personally, I would find that completely and utterly unacceptable. With a softphone it's another matter entirely.
But that doesn't mean I throw security to the wind. Anyone trying to do a brute-force attack on the passwords on my system had better be prepared to spend several lifetimes on the process, because between fail2ban, the "knock", and some very long, very random passwords, they aren't getting in (unless they find some kind of backdoor into the system, and if they can do that we're all in trouble). Note that I DO use the whitelist approach for things like ssh and Webmin access - I just don't use it for SIP.
Oh, by the way, while we are on the subject of SSH...
For someone who is so security conscious, why is it that by default a PiaF/Incredible installation allows you to log in as root using a password only, from anywhere in the world? I mentioned that to a friend who is much more knowledgeable about security than I am (his duties include network security for the company that employs him) and he said that many new Linux distributions (but not CentOS, apparently) won't even allow you to log in as root - they force you to pick a username and then use sudo to perform administrative tasks. That at least forces a brute-force attacker to guess a username and a password, rather than allowing them to assume that they only have to guess the root password. It seems to me THAT is the weakest link in a new PiaF setup, because if I can get in as root I can get to Asterisk's configuration files, and saved in those files are all the user passwords - in plain text! So the first thing anyone not using a hardware firewall should do is set up a whitelist for SSH access (or use something other than root, or change the default ssh port, or some combination of those things) but it seems to me like leaving ssh that insecure by default is not a good thing.
I know you print warning messages during setup but would it not be a good idea, somewhere in the install script, to have the administrator pick a user name and password, then (in the script) set up an account for that user and add that username to the sudoers list, then disable root access to ssh? Or would that cause other problems?
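The last step proposed in the post above (disabling root access to ssh once a sudo-capable account exists), sketched as an added example that is not part of the original post or of the PiaF install script. The function names `effective_value` and `disable_root_ssh` and the sample config are assumptions made for illustration; creating the account and the sudoers entry is assumed to be done already.

```shell
#!/bin/sh
# Added example. The sample config at the bottom is constructed; on a real
# system the file is /etc/ssh/sshd_config and the sudo account must already work.

# Print the effective global value of KEYWORD. sshd keeps the FIRST value it
# reads, keywords are case-insensitive, and lines after "Match" are conditional.
# Assumes the usual "Keyword value" form (no "Keyword=value").
effective_value() {  # usage: effective_value FILE KEYWORD
    awk -v kw="$2" '
        BEGIN { kw = tolower(kw) }
        tolower($1) == "match" { exit }
        tolower($1) == kw { print tolower($2); exit }
    ' "$1"
}

# Refuse root logins: comment out every active PermitRootLogin line (global
# or inside a Match block, which would override the global one) and put the
# new directive on line 1. Re-running leaves the file unchanged.
disable_root_ssh() {  # usage: disable_root_ssh FILE
    cfg=$1
    tmp=$(mktemp) || return 1
    {
        echo "PermitRootLogin no"
        awk 'tolower($1) == "permitrootlogin" {
                 if ($0 != "PermitRootLogin no") print "#" $0
                 next
             }
             { print }' "$cfg"
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    cp -p "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg"  # cat keeps mode and owner
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && [ "$(effective_value "$cfg" PermitRootLogin)" = "no" ]
}

# Demo on a constructed sample (not a real system file).
demo=$(mktemp -d)
printf '%s\n' 'Port 22' '#PermitRootLogin yes' 'PermitRootLogin yes' \
    'Match Address 10.0.0.0/8' '    PermitRootLogin yes' > "$demo/sshd_config"
disable_root_ssh "$demo/sshd_config" && cat "$demo/sshd_config"
rm -rf "$demo"
```

Before restarting the daemon, check the edited file with `sshd -t` and keep the current root session open until a login as the new user and a `sudo` call have both been confirmed, since a missing or broken sudo account at this point means a lockout.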